Issue Type: New Feature Created: 2007-03-01T09:32:04.000+0000 Last Updated: 2008-03-21T16:25:18.000+0000 Status: Resolved Fix version(s): - 1.5.0 (17/Mar/08)
Reporter: Darby Felton (darby) Assignee: Darby Felton (darby) Tags: - Zend_Auth
Related issues: Attachments: - Ldap.php
In response to interest in an LDAP adapter for authentication, this issue is created to track the adapter development.
Contributions from the community are most welcome!
Posted by Vincent Dupont (vincent.dupont) on 2007-03-02T00:48:34.000+0000
I would really appreciate to contribute to this topic. However, I only have a few hours a week to work on it. So it may be not ready for 0.9
I'll need some help on the process ( svn, incubator, etc) as this is my first contribution (I use to do translations)
Posted by Darby Felton (darby) on 2007-03-02T08:46:13.000+0000
It's fine that this may not be ready for 0.9.0; it could be released in a later version after 1.0.0, but it's not too early to get started. I suspect that scope creep will be an issue with this adapter, and probably we'll find that we need a proposal for it. In the meantime, however, we can use this JIRA issue to track whatever discoveries are made.
As a bonus, nearly any formatting you might use herein would also be transferable to the proposal, since it supports the same wiki format.
Posted by Vincent Dupont (vincent.dupont) on 2007-03-19T02:31:33.000+0000
Hi Darby, and the others
I finally started the draft proposal for Zend_Auth_LDAP
The idea is very simple : take the login and password provided by the user (login form), and use them to connect the the LDAP server. If needed, concat the username (myusername) with the domain name (\mydomain => \mydomain\myusername).
If the connection succeeds, then this is because the user/password match those of the LDAP directory. Else, we have a problem...
We use this for ages against various Active Directory servers for intranets and extranets. This works very well and is reliable. However, wrong authentication with the same login will lock the windows account in the same way the windows account can be locked from a windows station. So, if some nasty boy tries to figure out the password of their friend, and if they make 3 successive errors, the login of their friend will be locked. The unlock procedure is to be defined inside the Active Directory. At some places, the account is always unlocked after a hour, in some other places we need a manual unlock...
I never tested this solution agains another LDAP server. If someone has more exeprience on OpenLDAP or others, please tell me.
The ldap Auth will only return a true/false, and will NOT fetch more information about he user from the LDAP directory. This may be the work of the Zend_LDAP.
Posted by Vincent Dupont (vincent.dupont) on 2007-03-19T17:13:58.000+0000
Maybe we should change the name to be Zend_Auth_Adapter_LDAP, so as to match the exsting Zend_Auth_Adapter_HTTP...
Posted by Vincent Dupont (vincent.dupont) on 2007-05-10T14:46:53.000+0000
I finally have something that (should) work and I'd like the opinion of users.
I added all phpdoc comments I could. I also let many comments into the source code so as to help for a code revue.
Don't hesitate to give me your comments. I know the code is not perfect, but the functionality seem to be ok.
Posted by Vincent Dupont (vincent.dupont) on 2007-05-10T15:06:47.000+0000
This the first release of the Zend_Auth_Adapter_Ldap. Download the file and paste into /Zend/Auth/Adapter/
A code sample is into the source file PHPDocs
Posted by Wil Sinclair (wil) on 2007-11-08T21:52:56.000+0000
We now have two proposals under construction for this component:
We must move a proposal forward for this- either one of these or a new one. Currently, the Zend team would prefer for this to be largely community-driven, since the community has given it relatively significant time, thought, and interest. If you have a proposal that is currently under construction or you'd like to submit a new one, please notify Darby Felton (the Zend team liason for this project) so that we can get this on the map for the next release.
Posted by Wil Sinclair (wil) on 2007-11-15T16:09:14.000+0000
Darby will be driving this effort for inclusion in 1.1.
Posted by Darby Felton (darby) on 2007-12-18T13:48:57.000+0000
Planning to drive this proposal by [~miallen].
Posted by Darby Felton (darby) on 2007-12-18T14:27:00.000+0000
To all readers - this means you - please review the new proposal and post comments with feedback there. ;)
Have you found an issue?
See the Overview section for more details.